README
¶
Diligent 
Get the licenses associated with your software dependencies. Enforce that the open source licenses used by your software are compatible with your business and software licensing.
- Identify licenses across many languages using a single tool
- Whitelist licenses or categories of license which are compatible with your software
- Integrates with continuous integration to stop builds if non-whitelisted licenses are detected
- Docker image available = super easy to run
- Multiple output formats
Language and Dependency Manager Support
The following languages and dependency managers are supported:
- Go
- go modules (go.mod)
- govendor (vendor.json)
- dep (Gopkg.lock)
- Node / Javascript
- NPM (package.json)
Usage
The following command demonstrates how to use docker to run diligent:
docker run -v {project}:/dep senseyeio/diligent ls {path}
For example, if you had a node application at /app which contained a package.json file, you would run the following command:
docker run -v /app:/dep senseyeio/diligent ls .
Using diligent without docker is detailed later in the readme.
Whitelisting
The check command can check that your depedencies' licenses match a given license whitelist.
Whitelisting is possible by specifying license identifiers or categories of licenses.
To see the identifiers and categories available please look at the license definitions.
For example, the following would whitelist all permissive licenses and in addition GPL-3.0:
docker run -v {project}:/dep senseyeio/diligent check -w GPL-3.0 -w permissive {path}
If licenses are found which do not match the specified whitelist, the application will return a non zero exit code (see exit code section below). This is compatible with most CI solutions and can be used to stop builds if incompatible licenses are discovered.
To see what licenses you are whitelisting you can call the whitelist command:
docker run senseyeio/diligent whitelist -w GPL-3.0 -w permissive
If no -w flags are defined, diligent will always return a non zero exit code.
Running Locally
The following requirements need to be satisfied when running locally:
gocommand line toolGOPATHdefined
The following assumes $GOPATH/bin is within your PATH:
go install github.com/senseyeio/diligent/cmd/diligent
Run the resulting binary as follows:
diligent {path}
Exit codes
| Code | Explanation |
|---|---|
| 64 | Failed to determine licenses of one or more dependencies, however, dependencies which were successfully handled were acceptable |
| 65 | Failed to output |
| 66 | Failed to load provided file |
| 67 | Fatal error when trying to determine licenses |
| 68 | Discovered licenses do not match provided whitelist |
| 69 | Could not process provided file |
| 70 | The whitelist provided was invalid |
| 71 | The package ignore list provided was invalid |
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetLicenseIdentifiers ¶
func GetLicenseIdentifiers() []string
GetLicenseIdentifiers returns identifiers for all of the licenses known by Diligent
func ReplaceCategoriesWithIdentifiers ¶
ReplaceCategoriesWithIdentifiers replaces license category names with the identifiers of the licenses belonging to that category. Strings found which are not category names are not touched.
Types ¶
type Category ¶
type Category string
Category attempts to categorize licenses based on what they allow
const ( // Open Source software that is made available under "non-copyleft" licenses. These generally require // attribution of the included open source and may include other obligations Permissive Category = "permissive" // Open source software with a "copyleft" license that offers irrevocable permission to the public to copy and // redistribute the work in the same or modified form, but with the conditions that all such redistributions make // the work available in a form that facilitates further modification and use the same license terms. // A copyleft license can require code interacting with copyleft-licensed code to be licensed the same way CopyLeft Category = "copyleft" // A license that requires you to redistribute source code, including your changes, and also to provide attribution // for the software authors. Your obligation to redistribute source code, including proprietary code linked with // code under this license, is limited according to license-specific rules CopyLeftLimited Category = "copyleft-limited" // An Attribution-style license, that contains restrictions regarding the usage of the software (for example, where // the software is not intended for use in nuclear power plants) or the redistribution of the software (for example, // where commercial redistribution of the software is not allowed without express permission). The Free Software // Foundation (FSF) says that a license with this kind of restriction is not really open source, although the // OSI point of view is not that strict FreeRestricted Category = "free-restricted" // Proprietary Free software that may not require a commercial license but may have specific terms and conditions // which Product Teams are obligated to follow. Some of these terms and conditions are provided with or in the // code or in clickable downloaded licenses. Examples are the Sun Binary Code License Agreement or a freely // offered BSP ProprietaryFree Category = "proprietary-free" // Open source software that is made available without explicit obligations, but which has a license notice that // must be kept with the code per organization policy. The match may be to software, code examples on a website, // published public domain specifications or another type of publication PublicDomain Category = "public-domain" // All includes all the licenses known by Diligent All Category = "all" )
type Deper ¶
type Deper interface {
// Name returns the name of the Deper
Name() string
// Dependencies interrogates the manifest file and returns the licenses associated with each dependency
// If a single dependency cannot be processed, a warning should be returned
// If no dependencies can be processed, an error should be returned
Dependencies(file []byte) ([]Dep, []Warning, error)
// IsCompatible should return true if the Deper can handle the provided manifest file
IsCompatible(filename string) bool
}
Deper is the interface for extracting licenses from manifest files. Implementations should interrogate a package manager's manifest file, determine the dependencies and identify their licenses
type DepsByLicense ¶
type DepsByLicense []Dep
func (DepsByLicense) Len ¶
func (d DepsByLicense) Len() int
func (DepsByLicense) Less ¶
func (d DepsByLicense) Less(i, j int) bool
func (DepsByLicense) Swap ¶
func (d DepsByLicense) Swap(i, j int)
type DepsByName ¶
type DepsByName []Dep
func (DepsByName) Len ¶
func (d DepsByName) Len() int
func (DepsByName) Less ¶
func (d DepsByName) Less(i, j int) bool
func (DepsByName) Swap ¶
func (d DepsByName) Swap(i, j int)
type License ¶
type License struct {
Identifier string
Name string
ShortName string
Category Category
Type Type
Owner string
OwnerURL string
OwnerType OwnerType
URL string
}
License contains information about a given license
func GetCategoryLicenses ¶
GetCategoryLicenses returns all the licenses belonging to a given category
func GetLicenseForDirectory ¶
func GetLicenseForGit ¶
func GetLicenseFromIdentifier ¶
GetLicenseFromIdentifier returns a License given an identifier. Ideally this identifier would be a SPDX identifier.
func GetLicenses ¶
func GetLicenses() []License
GetLicenses returns all the licenses known by Diligent
type OwnerType ¶
type OwnerType string
OwnerType identifies the license owner as either an individual or organisation
Source Files
Directories